DATA SECURITY OR TECHNOLOGY - WHAT DRIVES DLP IMPLEMENTATION
ISACA - BANGALORE CHAPTER
Bangalore
15 November, 2014
CONFIDENTIAL
The Document may contain material non-public information and is provided for informational purposes only.
The views presented here are the sole views of the Speaker and do not represent the views of the Organization where he is / was working.
Determining The Value of Information
Data Protection Priorities
Changing Threats to Data Security
Top 10 Most Frequent Data Leakage Incidents
1. Patient PHI sent to partner, again, and again
2. Employee sends Sales Funnel Data to competitor
3. Payroll data being sent to home email address
4. Draft press release to outside legal counsel
5. Financial and M&A postings to message boards
6. Source code sent with resume to competitor
7. Credit Card or account numbers... and thousands of them
8. Confidential patient information
9. Internal memos and confidential information
10. Sensitive Board Papers circulated to competitor
What is Data Loss Prevention
• Data loss prevention (aka DLP) is a data security technology that detects potential data breach incidents in a timely manner and prevents them by monitoring data in-use (endpoints), in-motion (network traffic), and at-rest (data storage) in an organization’s network.
• A wave of Data Loss Prevention solutions hit the marketplace in the mid-2000s.
Data Loss Prevention Is Imperative
Insiders and partners cause most breaches
• Insiders make mistakes handling data
• Broken business processes increase risk
Compliance mandates data protection
• Increased focus on data privacy
• Need to demonstrate data controls
More complex threats to your data
• External threats target high value data
• Limited visibility of where data is
76% of breaches
81% of companies breached were not PCI compliant
$6.7 million average cost of a breach
Regulatory Compliance
• The DLP solution provides easy-to-use built-in security policy templates to help ensure compliance with the most widely enforced compliance requirements, including:
  • The Payment Card Industry Data Security Standard (PCI DSS)
  • Gramm-Leach-Bliley Act (GLBA)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes-Oxley (SOX)
  • Personally identifiable information (PII), etc.
Data Security Challenges
1. Where is my confidential data stored? – Data at Rest & Use
2. Where is my confidential data going? – Data in Motion
3. How do I fix my data loss problems?
Data Leakage Vectors
Data Security - Technology Enablement Journey
• Data Loss / Incidents
• Analyze the Operating Threat Vectors
• Data Loss v/s Business Impact
• Create a Business Case: Business Problem and Requirements
• Threat Vectors v/s Solution in the Market
• Vendor Comparisons and Architecture
• Data Flow Analysis
• Identify Sensitive/Confidential Data
• DLP Solution Implementation & Fine Tuning
• DLP Policy Implementation & Testing
[Diagram labels: Data Security / Technology / Implementation / DFA]
Data Classification and Identification
• One expects that a DLP system can answer the following questions:
  • What is sensitive information?
  • How to define sensitive information?
  • How to categorize sensitive information?
  • How to check if a given document contains sensitive information?
  • How to measure data sensitivity?
• Data inspection is an important capability for a content-aware DLP solution. It consists of two parts:
  • To define sensitive data, i.e., data classification
  • To identify sensitive data in real time
Enabling Data Security
• Four fundamental approaches for sensitive data definition and identification:
  • Document fingerprinting
  • Database record fingerprinting
  • Multiple keyword matching
  • Regular expression matching
Document Fingerprinting
• A fingerprinted-content blade is fundamentally an encapsulated set of fingerprints: hash values that uniquely identify all or parts of the text content in a file, a complete file copy, or database cell content.
• Fingerprints are created by running a hash function against each complete file, or parts or all of the text in files, or database columns that you specify. The resulting fingerprints or hash values are unique numeric representations of files or text content that are much smaller than the original content.
• Matches to fingerprints are determined by creating hash values of a scanned document or transmission and comparing those hash values to existing fingerprints. If one of the hash values matches a fingerprint, then the scanned entity is identical to, or contains content identical to, fingerprinted content and is flagged as a match.
Full and Partial Text Fingerprinting
• With full and partial text fingerprinting, fingerprints (hash values) are created for all of the text and for sections of the text in each file in file shares or directories you specify, and all of these fingerprints are encapsulated into a single fingerprinted-content blade.
Full Binary Fingerprinting
• With full binary fingerprinting, fingerprints (hash values) are created based on the binary content of each file in file shares or directories you specify, and all of these fingerprints are encapsulated into a single fingerprinted-content blade.
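The difference between full binary and full/partial text fingerprinting, as an added example that is not from the slides or from any DLP product. The 8-word window, SHA-256, the function names and the sample documents are assumptions chosen for illustration.

```python
import hashlib
import re

SHINGLE_WORDS = 8  # assumed window size for partial-text fingerprints


def normalize(text):
    """Lower-case and split into word tokens so layout changes do not alter hashes."""
    return re.findall(r"[a-z0-9]+", text.lower())


def binary_fingerprint(data: bytes) -> str:
    """Full binary fingerprint: one hash over the exact bytes of the file."""
    return hashlib.sha256(data).hexdigest()


def text_fingerprints(text, k=SHINGLE_WORDS):
    """Full and partial text fingerprints: whole-text hash plus one hash per k-word window."""
    words = normalize(text)
    prints = {hashlib.sha256(" ".join(words).encode()).hexdigest()}
    for i in range(max(len(words) - k + 1, 0)):
        window = " ".join(words[i:i + k])
        prints.add(hashlib.sha256(window.encode()).hexdigest())
    return prints


def scan(content: bytes, blade_text, blade_binary):
    """Return 'binary', 'text' or None depending on which fingerprint set matches."""
    if binary_fingerprint(content) in blade_binary:
        return "binary"
    if text_fingerprints(content.decode("utf-8", "ignore")) & blade_text:
        return "text"
    return None


# Constructed sample data: one protected document and three outbound messages.
PROTECTED = (b"Project Falcon board paper: the acquisition price is set at "
             b"42 million and closes in March.")
BLADE_TEXT = text_fingerprints(PROTECTED.decode())
BLADE_BINARY = {binary_fingerprint(PROTECTED)}

EXACT_COPY = PROTECTED
PASTED = b"fyi - The acquisition price is set at 42 million and closes in March. Keep quiet!"
REWORDED = b"We will buy them for roughly forty-two million next spring."

if __name__ == "__main__":
    for name, msg in [("exact", EXACT_COPY), ("pasted", PASTED), ("reworded", REWORDED)]:
        print(name, scan(msg, BLADE_TEXT, BLADE_BINARY))
```

A single changed byte defeats the binary fingerprint, a copied passage is still caught by the partial-text fingerprints, and reworded content matches neither, which is why fingerprinting is paired with the regular expression and keyword techniques.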
Database Fingerprinting
• A database fingerprint is the encapsulated set of fingerprints, or row-related hash values, that can be used to detect a content match to a specified combination of column content stored in a database row.
• The hash values are created by running a hash function against the content of all or selected columns of table rows in a database.
• Fingerprint matches to a database fingerprinted-content blade are determined by comparing its row-related fingerprints to hash values derived from the text content of scanned documents and transmissions.
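Row-related fingerprints and the "combination of column content" rule, as an added example that is not from the slides or from any DLP product. The salted per-cell SHA-256 scheme, the two-column threshold, the function names and the sample rows are assumptions for illustration.

```python
import hashlib
import re
from collections import defaultdict

SALT = b"constructed-demo-salt"  # assumed: keeps raw values out of the fingerprint store


def cell_hash(value):
    """Hash one normalized cell value; the store never holds the plaintext."""
    norm = re.sub(r"[^a-z0-9]", "", str(value).lower())
    return hashlib.sha256(SALT + norm.encode()).hexdigest()


def fingerprint_rows(rows, columns):
    """Build {cell hash: {(row index, column)}} for the selected columns of each row."""
    index = defaultdict(set)
    for i, row in enumerate(rows):
        for col in columns:
            index[cell_hash(row[col])].add((i, col))
    return index


def scan(text, index, min_columns=2, max_words=3):
    """Return row indexes for which at least min_columns distinct columns occur in text."""
    words = re.findall(r"[A-Za-z0-9][A-Za-z0-9\-]*", text)
    hits = defaultdict(set)
    for n in range(1, max_words + 1):  # n-word windows cover multi-word cells
        for i in range(len(words) - n + 1):
            candidate = cell_hash(" ".join(words[i:i + n]))
            for row, col in index.get(candidate, ()):
                hits[row].add(col)
    return sorted(r for r, cols in hits.items() if len(cols) >= min_columns)


# Constructed sample table and messages.
ROWS = [
    {"name": "Asha Rao", "policy_no": "PN-204-8871", "phone": "555-0142"},
    {"name": "Vikram Shah", "policy_no": "PN-317-4420", "phone": "555-0199"},
]
INDEX = fingerprint_rows(ROWS, ["name", "policy_no", "phone"])

LEAK = "Please renew for Asha Rao, policy PN-204-8871, before Friday."
SINGLE = "Call Vikram Shah about lunch."

if __name__ == "__main__":
    print(scan(LEAK, INDEX), scan(SINGLE, INDEX))
```

Requiring two columns from the same row is what keeps a lone customer name in an e-mail from raising an incident.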
Regular expressions
• Regular expressions are pattern-matching strings used to identify sensitive content.
• These are patterns of numbers, letters, and symbols that can match entire categories of formatted numbers or text.
• Ex: A[0-4]{0,1}-\d{6}-[A-Z]{2}
  • Matches 6 or 7 digit alphanumeric account numbers
Keyword Matching
• The DLP content analyzer compares each keyword defined to the content being analyzed, and if the rule is matched, that is one piece of evidence that the content may be sensitive.
• For example, in analyzing for confidential company intellectual property, you might include internal project code names in a list of keywords.
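Regular expression matching and keyword matching combined as separate pieces of evidence, as an added example that is not from the slides. The account-number pattern is the one quoted above; the look-arounds, the keyword list, the function names and the sample messages are assumptions for illustration.

```python
import re

# Pattern quoted on the slide; the look-arounds are an added assumption so the
# pattern does not fire inside a longer alphanumeric token.
ACCOUNT_RE = re.compile(
    r"(?<![A-Za-z0-9])A[0-4]{0,1}-\d{6}-[A-Z]{2}(?![A-Za-z0-9])")

# Constructed keyword list standing in for internal project code names.
KEYWORDS = ["Project Kestrel", "Bluebird"]


def keyword_hits(text, keywords=KEYWORDS):
    """Return keywords present as whole words or phrases, ignoring case and spacing."""
    found = []
    for kw in keywords:
        pattern = r"\b" + r"\s+".join(map(re.escape, kw.split())) + r"\b"
        if re.search(pattern, text, re.IGNORECASE):
            found.append(kw)
    return found


def analyze(text, min_accounts=1):
    """Collect evidence from both matchers; flag content when any rule is satisfied."""
    accounts = sorted(set(ACCOUNT_RE.findall(text)))
    keywords = keyword_hits(text)
    evidence = []
    if len(accounts) >= min_accounts:  # raise min_accounts to flag only bulk leaks
        evidence.append(("regex", accounts))
    if keywords:
        evidence.append(("keyword", keywords))
    return {"sensitive": bool(evidence), "evidence": evidence}


# Constructed sample messages.
MAIL = "Kick-off for project  kestrel: bill accounts A3-204871-KA and A-998120-MH."
NEAR = "Ref A5-204871-KA, XA3-204871-KA, A3-20487-KA and the bluebirds outside."

if __name__ == "__main__":
    print(analyze(MAIL))
    print(analyze(NEAR))
```

The near-miss message shows the false positives each rule avoids: a prefix digit outside 0-4, a pattern embedded in a longer token, a short digit run, and a keyword that is only part of another word.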
Technical views for data-in-use and data-in-motion
DLP Systems and Architecture
DLP Policy Enforcement
Enforcement Levels
• Remediation
  • Education & Awareness
  • Audit Mode
  • Remove False Positives
• Notification
  • To User & Manager
• Prevention and Protection
  • Quarantine Mode
  • Block Mode
Risk Reduction in the Implementation Life Cycle
• How is Risk Reduced?
  • Fix broken processes
  • Educate workforce
  • Notify policy violators
  • Notify management
  • Protect files
  • Prevent incidents
[Chart: Incidents (axis 0 to 100) across the phases Baseline, Remediation, Notification, Prevention & Protection]
Implementation Complexity
DLP Implementation
IT Infra Team
DLP Tool Vendor
IT App Team
DLP Consulting Partner
Risk Management Team
Business Functions
Multi-stakeholder environment created complexity for the implementation
DLP benefits
• Understand Company’s confidential data - where it is, how it is used
• Gain a competitive advantage, in both brand value and reputation.
• To achieve Compliance and regulatory controls
• To protect proprietary information against security threats caused by enhanced employee mobility and new communication channels.
• Facilitate early risk detection and mitigation
• Educate employees and block unwanted activity
Thank you
Satyanandan Atyam
Sr. Manager Risk Management, Data Privacy Officer
Bharti AXA General Insurance Company Ltd.
+91-9886868845